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REMARKS 

This Application has been carefully reviewed in light of the Office Action mailed 
October 3, 2007 (the "Office Action"). At the time of the Office Action, Claims 1, 3, 5-8, and 
24-35 were pending, of which, the Examiner rejected Claims 1, 3, 5-8, and 24-35. Applicants 
have amended Claims 1, 26, and 32 and have added new claim, Claim 36. Applicants 
respectfully request reconsideration and favorable action in this case. 

Section 103 Rejections 

The Examiner rejects Claims 1, 3, 5-8 and 24-35 under 35 U.S.C. § 103(a) as 
allegedly being unpatentable over Flurry et al. (US Publication No. 2003/0061512) 
Flurry") in view of Mishra et al. ("Security Services Markup Language", January 8, 2001 
( "Mishra "). Applicants respectfully traverse these rejections. 

Claim 1 is directed to a method wherein a first request to grant a web service 
customer access to a first web service is intercepted at an agent residing between the web 
service customer and the first web service and between the web service customer and a 
second web service. One or more authentication credentials of the web service customer are 
collected at the agent, and it is determined at the agent whether the web service customer is 
authenticated and authorized. If the web service customer is authenticated and authorized, 
the first request is granted at the agent; the creation of a session and a session ticket is 
initiated at the agent; a session ticket ID for the session ticket is obtained at the agent; and the 
session ticket ID and a public key are encrypted into an assertion at the agent. In further 
accordance with the method, a second request (comprising the assertion and a signature 
associated with a public key) to grant the web service customer access to a second web 
service is intercepted at the agent. If the private key matches the public key in the assertion, 
the second request is granted at the agent without reauthenticating or reauthorizing the web 
service customer. Neither Flurry nor Mishra, alone or in combination disclose, teach, or 
suggest each of these limitations. 
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L In Flurry* the alleged "Agent" generates the alleged "session ticket ID," 

and therefore, the alleged "Agent" does not intercept the session ticket ID as required 
by Claim 1. 

Claim 1 includes the limitations, "encrypting the session ticket ID and a public key 
into an assertion" and "intercepting at the agent a second request to grant the web service 
customer access to the second web service, the second request comprising the assertion and a 
signature associated with a private key." The Examiner contends that Flurry discloses these 
limitations and supports this contention by pointing to sections of Flurry which recite 
"[b]ecause the ASP aggregator has already authenticated the client/user, the ASP aggregator 
would immediately generate the application authentication token that is needed by the 
client/user with respect to the second aggregated application." See Office Action, page 4 
(citing Flurry, page 9, paragraphs 88-90). Applicants respectfully contend that the cited 
portions of Flurry do not support the Examiner's rejection. 

Even assuming for the sake of argument that the "ASP Aggregator" of Flurry 
discloses the "Agent" of Claim 1 as the Examiner contends; see Office Action, page 3 (citing 
Flurry, page 7, paragraph 70) and that the "application authentication token" of Flurry 
discloses, the "session ticket ID" included in the "assertion" of Claim 1 as the Examiner 
contends; see Office Action, page 3 (citing Flurry, page 7, paragraphs 13-15), the Examiner's 
argument must fail because Flurry states that "the ASP aggregator . . . generates the 
application authentication token;" see Flurry page 9, paragraph 88, while the "agent" of 
Claim 1 " intercept[sl ... [a] second request comprising the assertion." Thus, since the 
application authentication token of Flurry is generated by the ASP aggregator, it cannot 
intercepted as part of the "assertion" a required by Claim 1 . 

Claim 7 includes the limitations, "intercepting at an agent a . . . request comprising an 
encrypted assertion and a private key, the encrypted assertion comprising a session ticket ID 
for a session ticket." For reasons similar to those explained above with respect to Claim 1, 
the cited portions of Flurry do not disclose the limitations of Claim 7 at least because the 
"application authentication token" of Flurry is generated by the ASP aggregator and thus is 
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not "intercepted] at the agent" as required by Claim 1 . According, Applicants respectfully 
contend that Claim 7 and each of its dependent claims are in condition for allowance. 

II. All Claims are in condition for allowance 

Similar to Claim 1, Claims 26 and 32, each include limitations generally directed to 
encrypting the session ticket ID and a public key into an assertion and intercepting at the 
agent a second request to grant the web service customer access to the second web service, 
the second request comprising the assertion. For reasons similar to those explained above 
with respect to Claim 1, Applicants respectfully contend that Claims 26 and 32 and all of 
their respective dependent claims are in condition for allowance. Applicants further contend 
that none of the deficiencies of Flurry as discussed above are accounted for by the teaching 
of Mishra, and thus, Applicants respectfully request allowance of all pending claims. 
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CONCLUSION 



Applicants have now made an earnest attempt to place this case in condition for 
immediate allowance. For the foregoing reasons and for other reasons clearly apparent, 
Applicants respectfully request allowance of all pending claims. 

The Examiner is authorized to charge the amount of $50.00 for the addition of 1 
dependent claim to Deposit Account No. 02-0384 of Baker Botts L.L.P. Please charge any 
additional fees or credit any overpayment to Deposit Account No. 02-0384 of Baker Botts 
L.L.P. 

If there are matters that can be discussed by telephone to further the prosecution of 
this application, Applicants respectfully request that the Examiner call its attorney at the 
number listed below. 



Respectfully submitted, 
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